Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#42983 - [graphviz] format string vulnerability (CVE-2014-9157)
Attached to Project:
Arch Linux
Opened by Remi Gacogne (rgacogne) - Tuesday, 02 December 2014, 09:03 GMT
Last edited by Gaetan Bisson (vesath) - Tuesday, 02 December 2014, 20:41 GMT
Details

A format string vulnerability has been found [1] in graphviz <= 2.38. It is unclear at this moment whether a new version is going to be released soon.
I believe we might want to backport the patch [2] correcting this flaw.

[1] http://seclists.org/oss-sec/2014/q4/872
[2] https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081
Closed by Gaetan Bisson (vesath)
Tuesday, 02 December 2014, 20:41 GMT
Reason for closing: Fixed
Additional comments about closing: graphviz-2.38.0-3 in [extra]